VYPR

Maven package

org.apache.activemq/activemq-mqtt

pkg:maven/org.apache.activemq/activemq-mqtt

Vulnerabilities (2)

  • CVE-2026-40046HigApr 9, 2026
    affected >= 6.0.0, < 6.2.4fixed 6.2.4

    Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 (and future 5.19.x) releases but was missed f

  • CVE-2025-66168MedMar 4, 2026
    affected < 5.19.2fixed 5.19.2

    WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the  following for more details: https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt https://www.cve.org/CVERecord?id=CVE-2026-40046